d488bfff214bac0e4e4ce9db920e6afb6a720c80f44072f55d7b060f6ca8fb65

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 02:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22e3d55ade6b682e067943eeb3f0b6e8_JaffaCakes118.html
Size

146KB
MD5

22e3d55ade6b682e067943eeb3f0b6e8
SHA1

1091e2654895867479db56cd57dc00e14977f252
SHA256

d488bfff214bac0e4e4ce9db920e6afb6a720c80f44072f55d7b060f6ca8fb65
SHA512

dc2b419e733648addc22f410e6a742428892e4fff65d36e304256053a532a9d0fcdb989420f18974eb3df4c3f6e2ebc0bd403a601a825802188b76cccedcefcc
SSDEEP

3072:1DDSnzYZSw5krCO0/V/8rnOL55ShutTy+XlodthE8PcV22wOoS/0Ib+b+FmKgMxs:1DGnzy5krCO0/V/8rnOL55ShutTR722A

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4624	msedge.exe
4624	msedge.exe
1552	msedge.exe
1552	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1552 wrote to memory of 2608	1552	msedge.exe	83
PID 1552 wrote to memory of 2608	1552	msedge.exe	83
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4616	1552	msedge.exe	84
PID 1552 wrote to memory of 4624	1552	msedge.exe	85
PID 1552 wrote to memory of 4624	1552	msedge.exe	85
PID 1552 wrote to memory of 876	1552	msedge.exe	86
PID 1552 wrote to memory of 876	1552	msedge.exe	86
PID 1552 wrote to memory of 876	1552	msedge.exe	86
PID 1552 wrote to memory of 876	1552	msedge.exe	86
PID 1552 wrote to memory of 876	1552	msedge.exe	86
PID 1552 wrote to memory of 876	1552	msedge.exe	86
PID 1552 wrote to memory of 876	1552	msedge.exe	86
PID 1552 wrote to memory of 876	1552	msedge.exe	86
PID 1552 wrote to memory of 876	1552	msedge.exe	86
PID 1552 wrote to memory of 876	1552	msedge.exe	86
PID 1552 wrote to memory of 876	1552	msedge.exe	86
PID 1552 wrote to memory of 876	1552	msedge.exe	86
PID 1552 wrote to memory of 876	1552	msedge.exe	86
PID 1552 wrote to memory of 876	1552	msedge.exe	86
PID 1552 wrote to memory of 876	1552	msedge.exe	86
PID 1552 wrote to memory of 876	1552	msedge.exe	86
PID 1552 wrote to memory of 876	1552	msedge.exe	86
PID 1552 wrote to memory of 876	1552	msedge.exe	86
PID 1552 wrote to memory of 876	1552	msedge.exe	86
PID 1552 wrote to memory of 876	1552	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\22e3d55ade6b682e067943eeb3f0b6e8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff92e6e46f8,0x7ff92e6e4708,0x7ff92e6e4718
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8633452412758789377,14571795435881405429,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,8633452412758789377,14571795435881405429,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,8633452412758789377,14571795435881405429,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8633452412758789377,14571795435881405429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8633452412758789377,14571795435881405429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8633452412758789377,14571795435881405429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8633452412758789377,14571795435881405429,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8633452412758789377,14571795435881405429,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6056 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
62c02dda2bf22d702a9b3a1c547c5f6a

SHA1
8f42966df96bd2e8c1f6b31b37c9a19beb6394d6

SHA256
cb8a0964605551ed5a0668c08ab888044bbd845c9225ffee5a28e0b847ede62b

SHA512
a7ce2c0946382188e1d8480cfb096b29bd0dcb260ccdc74167cc351160a1884d04d57a2517eb700b3eef30eaf4a01bfbf31858365b1e624d4b0960ffd0032fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
850f27f857369bf7fe83c613d2ec35cb

SHA1
7677a061c6fd2a030b44841bfb32da0abc1dbefb

SHA256
a7db700e067222e55e323a9ffc71a92f59829e81021e2607cec0d2ec6faf602a

SHA512
7b1efa002b7a1a23973bff0618fb4a82cd0c5193df55cd960c7516caa63509587fd8b36f3aea6db01ece368065865af6472365b820fadce720b64b561ab5f401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
01e8bca7b67341a23c04b884f162015f

SHA1
ab3d22e8f5198c92545d34616d8a1a244eb782aa

SHA256
e638fa0907ee2ab62cbf046b0f2baba3fbeb4a4d13ffdcb1ce0bccb1b1c13a33

SHA512
431078b50d3374ac0cbe33853dbf946b539b3e85ecf703ee250a81dd25b7574cdc5824e44a24df00582a4f9e132aeed366018f96d35f4545def9fed9384d1b7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
5050ad9e261cdc43df243d2c06017e69

SHA1
36bd305fade6ceabfd48bf735b5c4199ef5067a8

SHA256
bb023a27f03c158fbaeebd657033ad8250f3180c1fe5f6a30fff6515148788bf

SHA512
18261ee46468ce10837118effed37241754256bd1d725e94449d00758b1a143f5bafaff0f78767fb110760938abeec2b709c03b7182c0c38134b5bacbcfdaa89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
2ef4c0157c72c9625159e7acc9e29d34

SHA1
12d63849eee0f156650b76ac45dad9fac550b8c5

SHA256
39b56ec7055c60507b05405daeceae2c5ded23399b0572436469c4fc04df4b3f

SHA512
ab2fdcbeb3aa6ce7f52b5d910ead4a68e14fe7d34a7c0a22bb4a9fb58143cf069f6d4803875af77cb5817ab994cc54c656c54b3215225ccee3edaefadf9d1220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fac46b1641522428d6ff2d36c729ffda

SHA1
180d9aafadc7a344cdc88ea7b702474e506a1a5f

SHA256
4205b368c1ea791cfad53dba965e9cf1a10786f2a58b2260c3fe9feaf876fc46

SHA512
60b8e0ef37480514753da0c1f4419a0dbbaced181ce63fb38310d8d8942980bb6faa2828c136a4fc4f34c24dce36fd5310a1f23ec1a6ba29fea1421fdd19f56d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4404af5ef9e11365f32d12d7a69ddf09

SHA1
0b75ebf77669550bb1a6cde910bc5586ef04d2b2

SHA256
1b1f2c64d6ecf8b1a6a86838ce6a99ff3941c669c7a0687a21c86f2c2d69fb47

SHA512
165baf2d169935c05cd04a98b30189985361c7dcf9e3f654079933e61621ba43032cb1e51d5c4d613e9d5746b8f819f8e1a9f4e76035e038c343ba2f1d57780c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fedc8a778aedbfd025bcbf7f96d0fd08

SHA1
1509b32b6295ef84880e6d2a43159441adb4c990

SHA256
dd1a9c9ed372b9ebcd98fbad439f1663b4f4bb5fec7264d217370b5a5c559490

SHA512
bb62b700e287a87259a57ddc1aab4527b9fafd989a55e221e9c83ac7c5e5c605b4b11c0b22bd740788945594b652345c7bd9ed2bc3bf01d2580aed8455a24516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
e86dc177ddaf699d289f2d1a712e9b09

SHA1
9242f9c95a28188b348f59224eb84fdc04f903b1

SHA256
0f70e0cd8ec71ef42231cf381db01af904cf556014af6115bd04597467dd2d13

SHA512
a1a9b0b65ada9a00ddea0767ce6a5f298f546c9ccddd5a23cc89abd6d257fdd7cce07e01bf12f1b21be48e74069e2c3e8cec6af8b981706c9cbd3f350650cc2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59239b.TMP

Filesize
371B

MD5
c0168a731d1810cf3d1036f5024ce047

SHA1
db2a838b79572b119ed5ca79aef6eaadf3bf37f2

SHA256
c8f220231fe49998f63a955774fa2260d81452b5e75a42ff4a168907dd88e519

SHA512
7b7afbfa5ddbda80179b71b3c57238480d14ea2cd6f58fce1806c072b02f8454c75544b187974d7c416279fa4e5d478f20c9c07c8e98a99452600372f1538d1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
28ea434a8dec275bc1c8c50b86239a72

SHA1
5327606ef72992f1c6fd90d35a6900b1af0a4d8d

SHA256
54c59643181ce5bb5ff90ac3ba6540710c919e1946c180fc87922dd4094770a8

SHA512
aa0724c85c9641ca8a4f64dcb71d803b1668cd2c1812045dc24344e42d40c6f9103158700548d654123956e63745002afe09a96d2917f2513c54d2fd44d4dcbc

Download Submit